[Ach] filippo on SSL SMTP encryption
Aaron Zauner
azet at azet.org
Wed Apr 1 20:57:31 CEST 2015
Hi,
Jeroen Massar wrote:
> I am heavily hinting that these things are already happening.
>
> Thus that such an attack (injection of anything) is reality.
I know. But I'm not aware of that happening w.r.t. HPKP/HSTS headers.
>
> Actually the above attack caused every foreign connection to have the
> malicious injection. The local chinese, being inside the firewall, did
> not get the injection.
They injected a JavaScript Payload that opens connections to GitHub as a
DoS technique. How is that related to Denial of Service of security
headers we're discussing here?
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20150401/1e3738de/attachment.sig>
More information about the Ach
mailing list